While certain cyberattacks focus on specific organizations, the majority target the largest number of internet users possible. Such attacks are often relatively easy for cybercriminals to undertake and can cause serious harm. The impact of indiscriminate malicious activity online can be significant and carries an estimated global price tag of $6 trillion in 2021.
The World Economic Forum Centre for Cybersecurity brought together a group of leading ISPs and multilateral organizations to develop new ways to protect and prevent these attacks from reaching consumers. Following a year of development and testing, four actionable principles were identified as successful in preventing malicious activities from getting “down the pipes” to consumers, set out in the report: Cybercrime Prevention: Principles for Internet Service Providers.
BT, Deutsche Telekom, Du Telecom, Europol, Global Cyber Alliance, Internet Society, Korea Telecom, Proximus, Saudi Telcom, Singtel, Telstra, ITU endorsed these principles, protecting up to 1 billion consumers in 180 countries in the process.
“Cybersecurity is becoming a public safety issue,” said Amy Jordan, Delivery Lead, Platform for Shaping the Future of Cybersecurity and Digital Trust, World Economic Forum. As more and more devices are connected and physical infrastructure becomes increasingly connected, no one company can do it alone. The community needs to come together, and these principles can accelerate and scale impact.”
In the report, each principle is considered from the perspective of the challenges it is seeking to address, as well as providing demonstrable evidence from service providers of the benefits of implementation. Further, more technical detail on how each principle could be implemented is also provided in related recommendations.
“This initiative represents a fantastic example of the World Economic Forum’s ability to convene public and private sector stakeholders to share and implement industry best practice that helps not only the organizations involved, but the users of the internet at large,” said Kevin Brown, Managing Director, BT Security.
“EUROPOL wholeheartedly supports the adoption of these principles by Internet Service Providers worldwide because they have the potential to significantly limit the harm caused by malicious cybercrime actors,” said Catherine de Bolle, Executive Director of EUROPOL.
“The World Economic Forum’s ISP Principles are a superb collection of actionable measures that providers can use to reduce malicious activity online,” said Joseph Lorenzo Hall, Senior Vice President, Strong Internet, Internet Society.
“By adopting these best practice principles and working with governments in a public-private partnership to create a supportive policy framework, we will collectively boost trust in the digital economy and significantly reduce cybercrime,” said Stefaan De Clerck, Chairman, Proximus Board.
“As a nation, and as the digital enabling company, we are exposed to all sorts of attacks, which forced us early on to heavily invest and build world class cyber capabilities to become fully resilient. Guided by these four principles we encourage other ISPs to leverage them in defining their strategies and gain confidence by joining other global partners.” said Nasser Suliaman AlNasser, Saudi Telecom Group (stc) CEO.
It is recommended that ISPs adopt the following key principles:
1. Protect consumers by default from widespread cyberattacks and act collectively with peers to identify and respond to known threats.
2. Take action to raise awareness and understanding of threats and support consumers in protecting themselves and their networks.
3. Work more closely with manufacturers and vendors of hardware, software and infrastructure to increase minimum levels of security.
4. Take action to shore up the security of routing and signalling to reinforce effective defence against attacks.
The World Economic Forum, will now use its Platform for Shaping the Future of Cybersecurity and Digital Trust to drive adoption of the Principles and seek to initiate a dialogue between public- and private-sector stakeholders on how governments can incentivize uptake and establish clearer policy frameworks and expectations. By working collaboratively, ISPs will be better placed to protect their customers and defend their own networks than if they work alone.